Either you'll have to go through each update's code changes, one at a time, or update to the lastest version and overwrite all files - then re-apply the mod changes. Honestly. it'll probably be easier to start with a fresh 3.0.4 set of files and redo all your modifications.

It's clearly a hosting issue. Only way to know for sure is to find out the server load of the box you're hosted on. Most shared hosting providers host hundreds of users on the same server, and during slow times everyone is fast but when internet activity picks up during certain times of the then the...

Most likely it would be safe from sql injections, check the database to see if characters such as quotes or brackets are stored as < vs < - if so then it's safe. As for XSS I dunno enough about that to answer, javascript would display since regular html would so maybe.

Sending emails to previous spammers isn't going to increase spam, likely nothing will happen. You wouldn't overload the server by sending mails unless you sent out hundreds or thousands of mails at once and the server tried to process them all. Make sure the script or your server processes them in b...